CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

44800 matches found

ATTACKERKB•added 2026/04/03 9:41 p.m.•1 views

CVE-2026-28797

RAGFlow is an open-source RAG Retrieval-Augmented Generation engine. In versions 0.24.0 and prior, a Server-Side Template Injection SSTI vulnerability exists in RAGFlow's Agent workflow Text Processing StringTransform and Message components. These components use Python's jinja2.Template unsandbox...

8.7CVSS6.2AI score0.00118EPSS

Exploits1References2Affected Software1

Cvelist•added 2026/04/03 9:14 p.m.•17 views

CVE-2026-34990 OpenPrinting CUPS: Local print admin token disclosure using temporary printers

OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.16 and prior, a local unprivileged user can coerce cupsd into authenticating to an attacker-controlled localhost IPP service with a reusable Authorization: Local ... token. That...

5CVSS0.00005EPSS

Exploits1References1

Debian CVE•added 2026/04/03 9:14 p.m.•4 views

CVE-2026-34990

7.8CVSS5.9AI score0.00005EPSS

Exploits1

EUVD•added 2026/04/03 9:14 p.m.•2 views

EUVD-2026-18889

5CVSS6AI score0.00005EPSS

Exploits1References1

CVE•added 2026/04/03 9:14 p.m.•17 views

CVE-2026-34990

OpenPrinting CUPS (OpenPrinting CUPS) CVE-2026-34990 affects versions 2.4.16 and earlier. A local unprivileged user can coerce cupsd to authenticate to an attacker-controlled localhost IPP service using a reusable Authorization: Local token, enabling /admin/ requests on localhost. By combining CU...

7.8CVSS6AI score0.00005EPSS

Exploits1References1Affected Software1

OSSF Malicious Packages•added 2026/04/03 7:10 p.m.•4 views

Malicious code in strapi-plugin-advanced-uuid (npm)

strapi-plugin-advanced-uuid is a malicious npm package disguised as a Strapi CMS plugin. On install, it runs a postinstall script that executes an 11-phase attack: stealing .env files, environment variables, Strapi configuration, private keys, Redis data, Docker/Kubernetes secrets, and network...

6AI score

Exploits0References2

OSV•added 2026/04/03 7:10 p.m.•4 views

MAL-2026-2450 Malicious code in strapi-plugin-advanced-uuid (npm)

6AI score

Exploits0References2

OSV•added 2026/04/03 7:10 p.m.•2 views

MAL-2026-2465 Malicious code in strapi-plugin-health-check (npm)

strapi-plugin-health-check is a malicious npm package disguised as a Strapi CMS plugin. On install, it runs a postinstall script that executes an 11-phase attack: stealing .env files, environment variables, Strapi configuration, private keys, Redis data, Docker/Kubernetes secrets, and network...

6AI score

Exploits0References2

OSV•added 2026/04/03 7:8 p.m.•8 views

MAL-2026-2471 Malicious code in strapi-plugin-nordica (npm)

strapi-plugin-nordica is a malicious npm package disguised as a Strapi CMS plugin. On install, it runs a postinstall script that executes an 11-phase attack: stealing .env files, environment variables, Strapi configuration, private keys, Redis data, Docker/Kubernetes secrets, and network topology...

6AI score

Exploits0References2

Rapid7 Blog•added 2026/04/03 7:6 p.m.•6 views

Metasploit Wrap-Up 04/03/2026

Additional Adapters and More Modules This week, we added a whole new bunch of HTTP/HTTPS-based CMD payloads for X64 and X86 versions of Windows. The additional breadth of selectable payloads and delivery techniques allows users new options to tailor the attack workflow for their environment. This...

10CVSS6.6AI score0.73126EPSS

Exploits11

OSV•added 2026/04/03 7:6 p.m.•2 views

MAL-2026-2474 Malicious code in strapi-plugin-nordica-deep (npm)

strapi-plugin-nordica-deep is a malicious npm package disguised as a Strapi CMS plugin. On install, it runs a postinstall script that executes an 11-phase attack: stealing .env files, environment variables, Strapi configuration, private keys, Redis data, Docker/Kubernetes secrets, and network...

6AI score

Exploits0References2

OSSF Malicious Packages•added 2026/04/03 7:5 p.m.•4 views

Malicious code in strapi-plugin-nordica-vhost (npm)

strapi-plugin-nordica-vhost is a malicious npm package disguised as a Strapi CMS plugin. On install, it runs a postinstall script that executes an 11-phase attack: stealing .env files, environment variables, Strapi configuration, private keys, Redis data, Docker/Kubernetes secrets, and network...

6AI score

Exploits0References2

OSV•added 2026/04/03 7:5 p.m.•3 views

MAL-2026-2476 Malicious code in strapi-plugin-nordica-recon (npm)

strapi-plugin-nordica-recon is a malicious npm package disguised as a Strapi CMS plugin. On install, it runs a postinstall script that executes an 11-phase attack: stealing .env files, environment variables, Strapi configuration, private keys, Redis data, Docker/Kubernetes secrets, and network...

6AI score

Exploits0References2

OSV•added 2026/04/03 7:4 p.m.•3 views

MAL-2026-2478 Malicious code in strapi-plugin-nordica-sync (npm)

strapi-plugin-nordica-sync is a malicious npm package disguised as a Strapi CMS plugin. On install, it runs a postinstall script that executes an 11-phase attack: stealing .env files, environment variables, Strapi configuration, private keys, Redis data, Docker/Kubernetes secrets, and network...

6AI score

Exploits0References2

OSSF Malicious Packages•added 2026/04/03 7:4 p.m.•6 views

Malicious code in strapi-plugin-nordica-sync (npm)

6AI score

Exploits0References2

OSV•added 2026/04/03 7:4 p.m.•2 views

MAL-2026-2475 Malicious code in strapi-plugin-nordica-lite (npm)

strapi-plugin-nordica-lite is a malicious npm package disguised as a Strapi CMS plugin. On install, it runs a postinstall script that executes an 11-phase attack: stealing .env files, environment variables, Strapi configuration, private keys, Redis data, Docker/Kubernetes secrets, and network...

6AI score

Exploits0References2

OSV•added 2026/04/03 7:4 p.m.•3 views

MAL-2026-2479 Malicious code in strapi-plugin-nordica-tools (npm)

strapi-plugin-nordica-tools is a malicious npm package disguised as a Strapi CMS plugin. On install, it runs a postinstall script that executes an 11-phase attack: stealing .env files, environment variables, Strapi configuration, private keys, Redis data, Docker/Kubernetes secrets, and network...

6AI score

Exploits0References2

OSV•added 2026/04/03 5:26 p.m.•1 views

MAL-2026-2462 Malicious code in strapi-plugin-form (npm)

strapi-plugin-form is a malicious npm package disguised as a Strapi CMS plugin. On install, it runs a postinstall script that executes an 11-phase attack: stealing .env files, environment variables, Strapi configuration, private keys, Redis data, Docker/Kubernetes secrets, and network topology. I...

6AI score

Exploits0References2

OSSF Malicious Packages•added 2026/04/03 5:24 p.m.•4 views

Malicious code in strapi-plugin-sync (npm)

strapi-plugin-sync is a malicious npm package disguised as a Strapi CMS plugin. On install, it runs a postinstall script that executes an 11-phase attack: stealing .env files, environment variables, Strapi configuration, private keys, Redis data, Docker/Kubernetes secrets, and network topology. I...

6AI score

Exploits0References2

OSSF Malicious Packages•added 2026/04/03 5:23 p.m.•2 views

Malicious code in strapi-plugin-health (npm)

strapi-plugin-health is a malicious npm package disguised as a Strapi CMS plugin. On install, it runs a postinstall script that executes an 11-phase attack: stealing .env files, environment variables, Strapi configuration, private keys, Redis data, Docker/Kubernetes secrets, and network topology...

6AI score

Exploits0References2

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by